I have some users with 3 groups, one group as primary and two as secondary group. In the smb.conf I have some shares as: [trf] path = /dados/trf valid users = +trf read only = No wide links = yes follow symlinks = yes [gvr] path = /dados/gvr valid users = +gvr read only = No wide links = yes follow symlinks = yes [ext] path = /dados/executivos valid users = +executivos read only = No The command id returns: # id felipe.domingos uid=1226(felipe.domingos) gid=115(trf) groups=115(trf),119(executivos),110(gvr) For my user I can access the share TRF and EXT, but i can't access the GVR share. felipe@iron:~$ smbclient //SERVER/trf -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] smb: \> exit felipe@iron:~$ smbclient //SERVER/ext -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] smb: \> exit felipe@iron:~$ smbclient //SERVER/gvr -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] tree connect failed: NT_STATUS_ACCESS_DENIED In my tests I realized that the order of groups makes difference, if I add another group as ctb, I get the result: # id felipe.domingos uid=1226(felipe.domingos) gid=115(trf) groups=115(trf),118(ctb),119(executivos),110(gvr) felipe@iron:~$ smbclient //SERVER/trf -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] smb: \> exit felipe@iron:~$ smbclient //SERVER/ctb -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] smb: \> exit felipe@iron:~$ smbclient //SERVER/ext -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] tree connect failed: NT_STATUS_ACCESS_DENIED felipe@iron:~$ smbclient //SERVER/gvr -U felipe.domingos Enter felipe.domingos's password: Domain=[MYDOMAIN] OS=[Unix] Server=[Samba 3.5.3] tree connect failed: NT_STATUS_ACCESS_DENIED I can access "trf" (primary group) and "ctb" (first secondary group), but I can't access the other share as "ext". I think that is a problem when you have more than one group as secondary. Other information: I have two server with the same configuration, in the server with smbd Version 3.5.1 it's work very well. The users are in LDAP. (The same users/server LDAP to two samba servers). Tks. Felipe